Live Text told users what a document says. The next step is whether it's true.
Your platform already does the hard part: on-device OCR in the camera, text selection in the browser
and PDF viewer. Issuer-attested verification is the increment — normalize the text the user already
selected or scanned, SHA-256 it, GET the issuer's domain, overlay the answer. Four seconds, fully
on-device until a single hash lookup.
Why this belongs in the platform
It follows a path you've walked before. OCR graduated from third-party apps into
the native camera as Live Text; verification of what the OCR read is the same graduation, one
step later. "Verified / Revoked / Not found" is a natural camera and text-selection overlay.
The timing is forced. Generative AI has made visually perfect document forgery
effectively free. Detection-based responses are an arms race; attestation by the issuer's own
domain is not. Users will need a "is this real?" gesture, and the platform owns the gesture.
It's a safety feature, not a service. No accounts, no server you must run, no
data leaves the device except one hash lookup to the issuer the document itself names.
Why it's safe to adopt
No gatekeeper to become, no gatekeeper to fear. Trust roots in DNS: the same
namespace that already says gov.uk is the UK government. There is no central registry,
no consortium to join, no operator to depend on — and adopting it does not put you in the
business of deciding which documents are true.
Privacy-preserving by construction. Normalization and hashing happen on-device.
The issuer sees a hash, never the document; you see nothing at all.
Not a blockchain. No ledger, token, or consensus network. A verification is a
plain HTTPS GET against the issuer's server — which is precisely what makes claims revocable
the moment an issuer changes its mind.
The standard is small.text → normalize → SHA-256 → GET,
a verify: URL scheme, and a response format. The full spec, normalization rules, and
authority-chain model are documented in the
repository.
What already exists for your team to take
Reference implementations, Apache 2.0: iOS (Vision + JavaScriptCore), Android
(ML Kit + Rhino), and a Manifest V3 browser extension — all running the same canonical
normalization code.
Cross-platform conformance fixtures: shared hash test vectors that all
implementations must reproduce byte-for-byte, so your implementation can prove interop on day one.
Working demos on real hardware: real-iPhone and real-Android verification of
physical documents, plus automated Playwright runs against simulated national authority chains
— videos and screenshots here.
A mapped demand landscape:589 documented use cases
across fraud, safety, and compliance, for the product brief you'll inevitably be asked to write.
The intent is for platforms to take this over. It's an open standard with no
trademark ambitions and no tollbooth. The roadmap's end state is your camera, your browser, your
PDF viewer shipping the UX natively — this project supplies the spec, the fixtures, and the
evidence of demand.